PT-2026-1330 · Evershop · Evershop

Published: 2026-01-05 · Updated: 2026-01-06 · CVE-2025-67419

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: evershop versions prior to 2.1.0

Description: A Denial of Service (DoS) issue exists in evershop that allows unauthenticated attackers to exhaust application server resources through the "GET /images" API endpoint. When processing SVG files, the application does not limit the height of the use-element shadow tree or the dimensions of pattern tiles, leading to unbounded resource consumption and a system-wide denial of service. The vulnerable parameter is the SVG file processed by the application.

Recommendations: Update evershop to version 2.1.0 or later.
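A pre-render screen for the two unbounded quantities named in the description, as an added example (not Evershop's code and not the 2.1.0 fix). The limits, the function names and the choice to read a pattern's declared width/height as user units are assumptions.

```python
import re
import xml.etree.ElementTree as ET

SVG = "{http://www.w3.org/2000/svg}"
XLINK = "{http://www.w3.org/1999/xlink}href"
MAX_USE_HEIGHT = 3    # assumed policy limit, not a value from Evershop
MAX_TILE_SIDE = 4096  # assumed policy limit, in user units

def _target(use):
    ref = use.get("href") or use.get(XLINK) or ""
    return ref[1:] if ref.startswith("#") else None  # same-document refs only

def _number(value):
    m = re.match(r"\s*(\d*\.?\d+(?:[eE][+-]?\d+)?)", value or "")
    return float(m.group(1)) if m else 0.0

def _use_height(el, by_id, memo, stack=()):
    """Height of the <use> expansion tree under el, memoised per element."""
    if el in stack:
        raise ValueError("circular <use> reference")
    if len(stack) > MAX_USE_HEIGHT:  # early exit; bounds recursion depth
        raise ValueError("<use> nesting exceeds limit")
    if el not in memo:
        targets = by_id.keys() & {_target(u) for u in el.iter(SVG + "use")}
        memo[el] = max((1 + _use_height(by_id[t], by_id, memo, stack + (el,))
                        for t in targets), default=0)
    return memo[el]

def check_svg(text):
    """Return (ok, reason) for one SVG document passed as a string."""
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        return False, "DTD declarations rejected"
    try:
        root = ET.fromstring(text)
        by_id = {e.get("id"): e for e in root.iter() if e.get("id")}
        if _use_height(root, by_id, {}) > MAX_USE_HEIGHT:
            raise ValueError("<use> nesting exceeds limit")
        for p in root.iter(SVG + "pattern"):
            if max(_number(p.get("width")), _number(p.get("height"))) > MAX_TILE_SIDE:
                raise ValueError("pattern tile exceeds limit")
    except (ET.ParseError, ValueError) as exc:
        return False, str(exc)
    return True, "ok"

# Constructed sample: four chained <use> hops, one more than the assumed limit.
DEEP = ('<svg xmlns="http://www.w3.org/2000/svg"><defs>'
        '<rect id="d" width="1" height="1"/>'
        '<g id="c"><use href="#d"/></g><g id="b"><use href="#c"/></g>'
        '<g id="a"><use href="#b"/></g></defs><use href="#a"/></svg>')
```

The height is memoised per element so the check itself stays cheap on documents where one element is referenced many times.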

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2025-67419
GHSA-M2Q5-XHQG-92R2

Affected Products

Evershop